User authentication

ABSTRACT

A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.

This application is a continuation application claiming priority to Ser.No. 12/408,757 filed Mar. 23, 2009.

FIELD

The present invention relates to a method and associated system forauthenticating a user for access to specified functions executed by asoftware application.

BACKGROUND

Providing access to a system typically comprises an inefficient processwith little flexibility. Accordingly, there exists a need in the art toovercome the deficiencies and limitations described herein above.

SUMMARY

The present invention provides a method, comprising:

receiving, by a computing system from a user, a first request foraccessing first specified functions executed by a specified softwareapplication;

first enabling, by said computing system, a security manager softwareapplication;

connecting, by said computing system, said specified softwareapplication to a computing apparatus;

first executing, by said computing system in response to said firstenabling, first security functions associated with said computingapparatus;

second executing, by said computing system in response to said firstenabling, second security functions associated with additional computingapparatuses, wherein said computing apparatus is located within aspecified distance of said additional computing apparatuses;

first determining, by a processor of said computing system, if said usermay access said first specified functions executed by said specifiedsoftware application, wherein said first determining is based on resultsof said first executing and said second executing;

generating, by said computing system, a report indicating said results;and

storing, by said computing system, said report.

The present invention advantageously provides a system and associatedmethod capable of providing access to a system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a block diagram view of a system for authenticating auser to access specified functions executed by a software application,in accordance with embodiments of the present invention.

FIG. 2 illustrates an algorithm describing a process used by the systemof FIG. 1 for authenticating a user to access specified functionsexecuted by a software application, in accordance with embodiments ofthe present invention.

FIG. 3 illustrates a computer system used by the system of FIG. 1 forauthenticating a user to access specified functions executed by asoftware application, in accordance with embodiments of the presentinvention.

DETAILED DESCRIPTION

FIG. 1 illustrates a block diagram view of a system 2 for authenticatinga user to access specified functions executed by a software application18, in accordance with embodiments of the present invention. System 2provides user authentication for access to online Internet activities(e.g., games, virtual worlds, Websites, online exams, etc) that requirethe user to exceed or precede a specified age. Additionally, system 2performs a process for confirming the accuracy and truth of anindividual's response to screening questions associated with a user'sage, gender, occupation, education level, etc. As a first example,system 2 may request a user to submit his/her age for access to aspecific Website and the user (e.g., a 10 year old child) replies thathe/she is 25 years old. In response, system 2 presents (i.e., to theuser) a random series of adult oriented questions (e.g., what year wasthe user born). The user is given a time limit to reply with an answer.If the user exceeds the time limit to reply, system 2 determines thatthe user may be calculating a birth year (i.e., for a 25 year old)rather than remembering his/her age. In this case (i.e., exceeded timelimit), the user is denied access to the Website. As a second example,system 2 may request a user to submit his/her profession for access to aspecific Website and the user replies that he/she is a mathematician. Inresponse, system 2 presents (i.e., to the user) a random series ofmathematical questions (e.g., what is a derivative, an integral, etc).The user is given a time limit to reply with an answer. If the userexceeds the time limit to reply, system 2 determines that the user maybe attempting to locate an answer to the question (e.g., via theInternet, a book, etc) rather than actually knowing the answer. In thiscase (i.e., exceeded time limit), the user is denied access to theWebsite. The screening questions may comprise any type of question usedto identify a user's age, gender, occupation, education level, etc.

-   System 2 performs the following functions associated with an    authentication process:-   1. System 2 generates age, occupation, gender specific questions for    users of software applications and verifies user responses.-   2. System 2 disables access to the Internet while the questions are    being presented to the user so that Internet references (e.g.,    search engines, online dictionaries, etc) may not be used to access    answers to the questions.-   3. System 2 places (i.e., when a user begins to answer questions) a    security token (e.g., a software token) on user's computer to    temporarily disable Website access (e.g., by temporarily closing    down a port used to access the Internet, by shutting down the user's    browsers, by turning off all access to the Internet, etc).-   System 2 comprises computing apparatuses 9 a . . . 9 d (e.g., user    terminals) connected to a computing system 10 through a network 7.    Network 7 may comprise any type of network such as, inter alia, a    local area network, (LAN), a wide area network (WAN), the Internet,    etc. Computing apparatuses 9 a . . . 9 d are located within a    specified location 14. Specified location may comprise a house, a    building (associated with a business), etc. Computing system 10 may    comprise any type of computing system(s) including, inter alia, a    personal computer (PC), a server computer, a database computer, etc.    Computing system 10 may comprise a single computing system or a    plurality of computing systems. Computing system 10 comprises a    memory device 14. Memory device 14 may comprise a single memory    system. Alternatively, memory device 14 may comprise a plurality of    memory systems. Memory device 14 may be internal to computing system    10 (e.g., as illustrated in FIG. 1) or external to computing system    10. Memory device 14 comprises a software application 18, a security    manager software application 20, and a database 17. Alternatively,    security manager software application 20 may be located in any of    computing apparatuses 9 a . . . 9 d.-   Security manager software application 20 performs the following    functions associated a user authentication process for allowing    access to specified functions executed by software application 18:-   1. Security manager software application 20 receives a request    (i.e., from a user using computing apparatus 9 a) for access to    specified functions executed by software application 18.-   2. Security manager software application 20 generates screening    questions (e.g., age related, occupation related, gender related,    etc) and presents the screening questions to the user via computing    apparatus 9 a. Any combination of functions may be executed during    the questioning process of step 2:-   A. Security manager software application 20 may temporarily block    computing apparatus 9 a from access or partial access (i.e., limit    Website access) to the Internet so that Internet references may not    be used to access answers to the screening questions. In order to    continue to access security manager software application 20, while    access to the Internet is temporarily blocked, synchronous    communication may be established between security manager software    application 20 and computing apparatus 9 a. The synchronous    communication allows the user to access security manager software    application 20 with a screen transmitted back to computing apparatus    9 a. Data entered on the screen will be transmitted as a transaction    to the computing system 10. When the user begins to answer the    screening questions, a software token may be placed on the computing    apparatus 9 a. The software token indicates that Web access will be    blocked by: temporarily closing down a port used to access the    Internet, shutting down the user's Web browsers, or by turning off    access to the Internet. After the user answers the screening    questions, the software token is removed and the Web browsers and    ports are activated so that the user is allowed to access software    application 18.-   B. Security manager software application 20 may temporarily block    computing apparatuses 9 b . . . 9 d from access or partial access    (i.e., limit Website access) to the Internet so that Internet    references (i.e., on nearby computers) may not be used to access    answers to the screening questions.-   C. Security manager software application 20 may implement time    limits for receiving answers to the screening questions.-   D. Security manager software application 20 may identify and analyze    various searches executed on any of computing apparatuses 9 b . . .    9 d in order to determine if information associated with the    screening questions has been accessed.-   3. Security manager software application 20 receives (i.e., from the    user) answers to the screening questions and verifies an accuracy of    the answers and the user is authorized to access software    application 18.

Security manager software application 20 performs the followingfunctions associated executing an online exam process in a controlledenvironment:

-   1. Security manager software application 20 receives and executes a    request (i.e., from a user using computing apparatus 9 a) for access    to an online exam executed by software application 18.-   2. Security manager software application 20 temporarily blocks    computing apparatus 9 a from access or partial access (i.e., limit    Website access) to the Internet so that Internet references may not    be used to access answers to the online exam. In order to continue    to access the online exam (i.e., executed by software application    18), while access to the Internet is temporarily blocked,    synchronous communication may be established between software    application 18 and computing apparatus 9 a. The synchronous    communication allows the user to access software application 18 with    a screen transmitted back to computing apparatus 9 a. Data entered    on the screen will be transmitted as a transaction to the computing    system 10. When the user begins to answer the exam questions, a    software token may be placed on the computing apparatus 9 a. The    software token indicates that Web access will be blocked by:    temporarily closing down a port used to access the Internet,    shutting down the user's Web browsers, or by turning off access to    the Internet. After the user completes the exam questions, the    software token is removed and the Web browsers and ports are    activated so that the user may access the Internet in an    unrestricted manner. Additionally, security manager software    application 20 may temporarily block computing apparatuses 9 b . . .    9 d from access or partial access (i.e., limit Website access) to    the Internet so that Internet references (i.e., on nearby computers)    may not be used to access answers to the online exam.-   The following implementation example illustrates a process used by    computing system 10 for allowing access to a social networking    Website (e.g., software application 18) that requires at least a    minimum age (e.g., sixteen years old) for subscribers.

EXAMPLE

-   1. A user requests access to subscribe to social network Website A    via computing apparatus 9 a.-   2. Security manager software application 20 is activated.-   3. Security manager software application 20 determines (e.g.,    through a router) whether there are additional computers (e.g.,    computing apparatuses 9 b . . . 9 d) or communication devices within    the user's vicinity.-   4. If security manager software application 20 determines that there    are additional computers within the user's vicinity, security    manager software application 20 determines whether the additional    computers may be monitored during inquiries.-   5. Security manager software application 20 executes any combination    of the following functions during the questioning process executed    with respect to steps 6-12 as described, infra:-   A. Security manager software application 20 disables computing    apparatus 9 a from access to the internet.-   B. Security manager software application 20 disables computing    apparatuses 9 b . . . 9 d from access to the internet.-   C. Security manager software application 20 monitors all computer    activity executed on any of computing apparatuses 9 a . . . 9 d and    determines whether there are any suspicious searches any of    computing apparatuses 9 a . . . 9 d.-   6. Security manager software application 20 initiates a (screening)    questioning process. Screening questions presented to the user may    include questions that users under 16 years old would be unlikely to    know (e.g., questions about: LP records, VHS tapes, specific jargon    or music that was popular 12 years ago, etc).-   6. Security manager software application 20 determines if the user    has answered the screening questions correctly.-   7. If security manager software application 20 determines that the    user has not answered the screening questions correctly then access    to the social networking Website is denied.-   8. If security manager software application 20 determines that the    user has answered the screening questions correctly then any    combination of the following functions may be executed:-   A. Security manager software application 20 determines if the user    has answered the screening questions in a timely manner indicating    that the answers were spontaneous and not researched.-   B. Security manager software application 20 determines if there was    any correlated activity (e.g., Internet searches) executed on any of    computing apparatuses 9 a . . . 9 d, thereby suggesting that the    answers were researched via the Internet.-   9. If security manager software application 20 determines that the    user has answered the screening questions quickly and there was no    correlated activity executed on any of computing apparatuses 9 a . .    . 9 d, then access to the social networking Website is allowed.

FIG. 2 illustrates an algorithm describing a process used by system 2 ofFIG. 1 for authenticating a user to access specified functions executedby a software application, in accordance with embodiments of the presentinvention. In step 202, a computing system (e.g., computing system 10 ofFIG. 1) receives (i.e., from a user) via a computing apparatus (e.g.,computing apparatus 9 a of FIG. 1) a request for accessing specifiedfunctions (e.g., social networking Website functions) executed by asoftware application (e.g., software application 18 of FIG. 1). In step204, the computing system enables a security manager softwareapplication (e.g., security manager software application 20 of FIG. 1).In step 208, the computing system connects to the specified softwareapplication. In step 210, the computing system (in combination with thesecurity manager software application) executes (i.e., in response toenabling the security manager software application) first securityfunctions associated with the computing system. The first securityfunctions may include generating screening questions (e.g., age related,occupation related, gender related, etc) and presenting the screeningquestions to the user via the computing apparatus. Additionally, anycombination of the following functions may be executed during thescreening questioning process:

-   1. The security manager software application may temporarily block    the computing apparatus from access or partial access (i.e., limit    Website access) to the Internet so that Internet references may not    be used to access answers to the screening questions. In order to    continue to access security manager software application, while    access to the Internet is temporarily blocked, synchronous    communication may be established between the security the manager    software application and the computing apparatus. When the user    begins to answer the screening questions, a software token may be    placed on the computing apparatus. The software token indicates that    Web access will be blocked by: temporarily closing down a port used    to access the Internet, shutting down the user's Web browsers, or by    turning off access to the Internet.-   2. The security manager software application may implement time    limits for receiving answers to the screening questions.-   3. The security manager software application may monitor all    activity executed on the computing apparatus (e.g., Web searches)    and determines whether there are any suspicious searches on the    computing apparatus.-   In step 212, the computing system (e.g., through a router)    determines if there are additional computing apparatuses (e.g.,    computing apparatuses 9 b . . . 9 d in FIG. 1) or communication    devices within the user's vicinity.-   If in step 212, the security manager software application determines    that there are additional computing apparatuses within the user's    vicinity, then in step 214, the security manager software    application executes (i.e., in response to enabling the security    manager software application) second security functions associated    with the additional computing apparatuses and step 220 is executed    as described, infra. Any combination of the following functions may    be executed (in step 214) with respect to the additional computing    apparatuses during the screening questioning process of step 210:-   1. The security manager software application disables the additional    computing apparatuses from access to the internet.-   2. The security manager software application monitors all computer    activity executed on any of the additional computing apparatuses and    determines whether there are any suspicious searches any of the    additional computing apparatuses.

If in step 212, the security manager software application determinesthat there are additional computing apparatuses within the user'svicinity, then step 220 is executed.

-   In step 220, the computing system (in combination with the security    manager software application) enables or disables (i.e., based on    results of the first security functions and/or the second security    functions) access to specified functions executed by the software    application. In step 228, the computing system generates and stores    a report indicating the results of the first security functions    and/or the second security functions and the process is terminated    in step 230.

FIG. 3 illustrates a computer system 90 (e.g., computing system 10 inFIG. 1) used for authenticating a user to access specified functionsexecuted by a software application, in accordance with embodiments ofthe present invention. The computer system 90 comprises a processor 91,an input device 92 coupled to the processor 91, an output device 93coupled to the processor 91, and memory devices 94 and 95 each coupledto the processor 91. The input device 92 may be, inter alia, a keyboard,a mouse, etc. The output device 93 may be, inter alia, a printer, aplotter, a computer screen, a magnetic tape, a removable hard disk, afloppy disk, etc. The memory devices 94 and 95 may be, inter alia, ahard disk, a floppy disk, a magnetic tape, an optical storage such as acompact disc (CD) or a digital video disc (DVD), a dynamic random accessmemory (DRAM), a read-only memory (ROM), etc. The memory device 95includes a computer code 97. The computer code 97 includes an algorithmfor authenticating a user to access specified functions executed by asoftware application (e.g., the algorithm of FIG. 2). The processor 91executes the computer code 97. The memory device 94 includes input data96. The input data 96 includes input required by the computer code 97.The output device 93 displays output from the computer code 97. Eitheror both memory devices 94 and 95 (or one or more additional memorydevices not shown in FIG. 3) may comprise the algorithm of FIG. 2 andmay be used as a computer usable medium (or a computer readable mediumor a program storage device) having a computer readable program codeembodied therein and/or having other data stored therein, wherein thecomputer readable program code comprises the computer code 97.Generally, a computer program product (or, alternatively, an article ofmanufacture) of the computer system 90 may comprise said computer usablemedium (or said program storage device).

Still yet, any of the components of the present invention could bedeployed, managed, serviced, etc. by a service provider who offers toauthenticate a user to access specified functions executed by a softwareapplication. Thus the present invention discloses a process fordeploying or integrating computing infrastructure, comprisingintegrating computer-readable code into the computer system 90, whereinthe code in combination with the computer system 90 is capable ofperforming a method for authenticating a user to access specifiedfunctions executed by a software application. In another embodiment, theinvention provides a business method that performs the process steps ofthe invention on a subscription, advertising, and/or fee basis. That is,a service provider, such as a Solution Integrator, could offer toauthenticate a user to access specified functions executed by a softwareapplication. In this case, the service provider can create, maintain,support, etc., a computer infrastructure that performs the process stepsof the invention for one or more customers. In return, the serviceprovider can receive payment from the customer(s) under a subscriptionand/or fee agreement and/or the service provider can receive paymentfrom the sale of advertising content to one or more third parties.

While FIG. 3 shows the computer system 90 as a particular configurationof hardware and software, any configuration of hardware and software, aswould be known to a person of ordinary skill in the art, may be utilizedfor the purposes stated supra in conjunction with the particularcomputer system 90 of FIG. 3. For example, the memory devices 94 and 95may be portions of a single memory device rather than separate memorydevices.

While embodiments of the present invention have been described hereinfor purposes of illustration, many modifications and changes will becomeapparent to those skilled in the art. Accordingly, the appended claimsare intended to encompass all such modifications and changes as fallwithin the true spirit and scope of this invention.

1. A method, comprising: receiving, by a computing system from a user, afirst request for accessing first specified functions executed by aspecified software application; connecting, by said computing system,said specified software application to a computing apparatus; firstexecuting, by said computing system in response to enabling a securitymanager software application, first security functions associated withsaid computing apparatus, wherein said first executing comprises:presenting, by said computing system to said user, a request forsubmitting an age and occupation of said user; receiving, by saidcomputing system from said user, data indicating said age and occupationof said user; temporarily blocking, by said computing system executing asecurity token, said user from accessing the Internet using saidcomputing apparatus; presenting, by said computing system to said user,first specified questions associated with knowledge possessed by anindividual that comprises a similar age and occupation to said age andoccupation of said user; receiving, by said computing system from saiduser, answers to said specified questions; second determining, by saidcomputing system, if said answers are associated with a firstpredetermined set of answers associated with said knowledge;determining, by said computing system, time periods between saidpresenting each of said first specified questions and said receivingeach of said answers; determining, by said computing system, if any ofsaid time periods exceed said predetermined time period; and generating,by said computing system, results of said comparing and results of saiddetermining if any of said time periods exceed said predetermined timeperiod; additionally determining, by said computing system, that saidcomputing apparatus is located within a specified distance of additionalcomputing apparatuses, wherein said specified distance comprises adistance allowing said user to physically access said additionalcomputing apparatuses for accessing the Internet for retrieving saidanswers; second executing, by said computing system in response to saidfirst executing and results of said additionally determining, secondsecurity functions associated with an Internet connection of saidadditional computing apparatuses; and first determining, by a processorof said computing system, if said user may access said first specifiedfunctions executed by said specified software application, wherein saidfirst determining is based on results of said first executing and saidsecond executing and said results of said comparing.
 2. The method ofclaim 1, wherein said first specified questions are associated with agender of said user.
 3. The method of claim 1, wherein said seconddetermining determines that said answers are associated with said firstpredetermined set of answers, wherein said first determining determinesthat said user may access said first specified functions executed bysaid specified software application, and wherein said method furthercomprises: second enabling, by said computing system for said user,access to said first specified functions executed by said specifiedsoftware application.
 4. The method of claim 1, wherein said computingsystem is connected to said specified software application through theInternet, and wherein said method further comprises: allowing, by saidcomputing system, said user to only access said specified softwareapplication through the Internet.
 5. The method of claim 1, wherein saidsecond determining determines that said answers are not associated withsaid first predetermined set of answers, wherein said first determiningdetermines that said user may not access said first specified functionsexecuted by said specified software application, and wherein said methodfurther comprises: disabling, by said computing system, access to saidfirst specified functions executed by said specified softwareapplication.
 6. The method of claim 1, wherein said second executingcomprises: blocking, by said computing system, said additional computingapparatuses from accessing the Internet.
 7. The method of claim 6,wherein said second determining determines that said answers areassociated with said first predetermined set of answers, wherein saidfirst determining determines that said user may access said firstspecified functions executed by said specified software application, andwherein said method further comprises: second enabling, by saidcomputing system for said user, access to said first specified functionsexecuted by said specified software application.
 8. The method of claim6, wherein said second determining determines that said answers are notassociated with said first predetermined set of answers, wherein saidfirst determining determines that said user may not access said firstspecified functions executed by said specified software application, andwherein said method further comprises: disabling, by said computingsystem, access to said first specified functions executed by saidspecified software application.
 9. The method of claim 1, wherein saidsecond executing comprises: monitoring, by said computing system,information retrieved through the Internet by said additional computingapparatuses; and third determining, by said computing system, if saidinformation is associated with said first specified questions.
 10. Themethod of claim 9, wherein said third determining determines that saidinformation is not associated with said first specified questions,wherein said second determining determines that said answers areassociated with said first predetermined set of answers, wherein saidfirst determining determines that said user may access said firstspecified functions executed by said specified software application, andwherein said method further comprises: second enabling, by saidcomputing system for said user, access to said first specified functionsexecuted by said specified software application.
 11. The method of claim9, wherein said third determining determines that said information isassociated with said first specified questions, wherein said seconddetermining determines that said answers are not associated with saidfirst predetermined set of answers, wherein said first determiningdetermines that said user may not access said first specified functionsexecuted by said specified software application, and wherein said methodfurther comprises: disabling, by said computing system, access to saidfirst specified functions executed by said specified softwareapplication.
 12. The method of claim 1, wherein said results of saidcomparing indicate that said time period exceeds said predetermined timeperiod, and wherein said method further comprises: disabling, by saidcomputing system, access to said first specified functions executed bysaid specified software application.
 13. The method of claim 1, whereinsaid results of said comparing indicate that said predetermined timeperiod exceeds said time period, and wherein said method furthercomprises: third determining, by said computing system, if said answersare associated with said first predetermined set of answers.
 14. Themethod of claim 13, wherein said third determining determines that saidanswers are associated with said first predetermined set of answers,wherein said first determining determines that said user may access saidfirst specified functions executed by said specified softwareapplication, and wherein said method further comprises: second enabling,by said computing system for said user, access to said first specifiedfunctions executed by said specified software application.
 15. Themethod of claim 13, wherein said third determining determines that saidanswers are not associated with said first predetermined set of answers,wherein said first determining determines that said user may not accesssaid first specified functions executed by said specified softwareapplication, and wherein said method further comprises: disabling, bysaid computing system, access to said first specified functions executedby said specified software application.
 16. The method of claim 1,further comprising: providing at least one support service for at leastone of creating, integrating, hosting, maintaining, and deployingcomputer-readable code in the computer system, said program code beingexecuted by a computer processor of the computing system to implementthe method of claim
 1. 17. A computer program product, comprising acomputer readable storage device storing a computer readable programcode, said computer readable program code configured to perform a methodupon being executed by a computer processor of a computing system, saidmethod comprising: receiving, by said computing system from a user, afirst request for accessing first specified functions executed by aspecified software application; connecting, by said computing system,said specified software application to a computing apparatus; firstexecuting, by said computing system in response to enabling a securitymanager software application, first security functions associated withsaid computing apparatus, wherein said first executing comprises:presenting, by said computing system to said user, a request forsubmitting an age and occupation of said user; receiving, by saidcomputing system from said user, data indicating said age and occupationof said user; temporarily blocking, by said computing system executing asecurity token, said user from accessing the Internet using saidcomputing apparatus; presenting, by said computing system to said user,first specified questions associated with knowledge possessed by anindividual that comprises a similar age and occupation to said age andoccupation of said user; receiving, by said computing system from saiduser, answers to said specified questions; second determining, by saidcomputing system, if said answers are associated with a firstpredetermined set of answers associated with said knowledge;determining, by said computing system, time periods between saidpresenting each of said first specified questions and said receivingeach of said answers; determining, by said computing system, if any ofsaid time periods exceed said predetermined time period; and generating,by said computing system, results of said comparing and results of saiddetermining if any of said time periods exceed said predetermined timeperiod; additionally determining, by said computing system, that saidcomputing apparatus is located within a specified distance of additionalcomputing apparatuses, wherein said specified distance comprises adistance allowing said user to physically access said additionalcomputing apparatuses for accessing the Internet for retrieving saidanswers; second executing, by said computing system in response to saidfirst executing and results of said additionally determining, secondsecurity functions associated with an Internet connection of saidadditional computing apparatuses; and first determining, by a processorof said computing system, if said user may access said first specifiedfunctions executed by said specified software application, wherein saidfirst determining is based on results of said first executing and saidsecond executing and said results of said comparing.
 18. A computingsystem comprising a processor coupled to a computer-readable memoryunit, said memory unit comprising a computer readable code that whenexecuted by a computer processor implements a method comprising:receiving, by said computing system from a user, a first request foraccessing first specified functions executed by a specified softwareapplication; connecting, by said computing system, said specifiedsoftware application to a computing apparatus; first executing, by saidcomputing system in response to enabling a security manager softwareapplication, first security functions associated with said computingapparatus, wherein said first executing comprises: presenting, by saidcomputing system to said user, a request for submitting an age andoccupation of said user; receiving, by said computing system from saiduser, data indicating said age and occupation of said user; temporarilyblocking, by said computing system executing a security token, said userfrom accessing the Internet using said computing apparatus; presenting,by said computing system to said user, first specified questionsassociated with knowledge possessed by an individual that comprises asimilar age and occupation to said age and occupation of said user;receiving, by said computing system from said user, answers to saidspecified questions; second determining, by said computing system, ifsaid answers are associated with a first predetermined set of answersassociated with said knowledge; determining, by said computing system,time periods between said presenting each of said first specifiedquestions and said receiving each of said answers; determining, by saidcomputing system, if any of said time periods exceed said predeterminedtime period; and generating, by said computing system, results of saidcomparing and results of said determining if any of said time periodsexceed said predetermined time period; additionally determining, by saidcomputing system, that said computing apparatus is located within aspecified distance of additional computing apparatuses, wherein saidspecified distance comprises a distance allowing said user to physicallyaccess said additional computing apparatuses for accessing the Internetfor retrieving said answers; second executing, by said computing systemin response to said first executing and results of said additionallydetermining, second security functions associated with an Internetconnection of said additional computing apparatuses; and firstdetermining, by a processor of said computing system, if said user mayaccess said first specified functions executed by said specifiedsoftware application, wherein said first determining is based on resultsof said first executing and said second executing and said results ofsaid comparing.